Technology & Privacy

Some Examples:

Any MUN faculty member can access virtually any student record, dating back at least to the 1980s.

USSearch.com

For $59.95, it will deliver:

- current address and 10 year history
- relatives, roommates and neighbours
- bankruptcies, tax liens, civil judgments
- property ownership
- and more, if possible
Doubleclick

Doubleclick is a U.S.-based marketing firm that operates in Canada (and many other places).

Among other things, Doubleclick is an on-line advertising provider.

Unless a user opts out of the practice, Doubleclick stores a 'cookie' on the computer of users who receive its ads.  The cookie assigns a unique identifying number to the computer.

This cookie is used to keep records as to what sort of sites your computer has been used to view, which ads you have seen, etc. Doubleclick's policy is to keep these records free of personally identifying data.

The cookie can be disabled, but only if you go out of your way to do so.

In 1999, Doubleclick acquired Abacus Direct, a company which primarily assists companies with direct marketing operations (e.g., catalogue sales).  Abacus Direct keeps a database of people, their addresses and their types of purchase.

At one time, Doubleclick planned to link these two databases, but they later backed away from the plan (in the face of substantial public pressure).

Windows XP

Windows XP has been criticized by privacy groups for including 'pressure' to sign up for Microsoft's .NET Passport service during the process of upgrading to Windows XP.

Passport is a service that allows a user to store passwords, credit card information and so on, so that the user only needs to remember his/her email address and Passport password.

Many privacy groups have raised concerns about the possibility of Microsoft assembling a massive database of consumer and personal information.

Microsoft has responded by claiming that it will only share information with other companies if the user has consented to this.

"A Day in the Life" (from the 1995-96 Report of the Privacy Commissioner of Canada)

All of the above examples raise issues about privacy and the effect technology is having on our ability to maintain it.

Before we consider how we should deal with specific issues like these, it might be helpful to consider the idea of privacy in general.  Why does privacy matter?

**********************************

Why Value Privacy?

Some Philosophical Approaches:

I. Privacy as a Natural, Negative Right
This approach conceives of the right to privacy as being derived from one's natural right to one's own property.

Just as others must not trespass on your property, so they must not trespass on your private 'space'.

"We have a notion of having a personal 'space' into which we can invite others but into which no one should trespass unbidden." (Edgar, 206)

II. A Kantian View

"Kant says that the moral individual must be rational and autonomous.  I cannot be autonomous if there are outside forces directing my decisions." (Edgar, 207)
This is usually thought to apply both to cases in which overt control is applied to a person and cases in which a person's conduct is covertly monitored.  In doing this, you change the world in which I make my decisions, so you take some control of my life away from me.

"If we go about observing a man's conduct against his will the consequence of such observation is that either the man's conduct is altered or his perception of himself is altered." (Weisstaub and Gotlieb, quoted by Edgar, p. 221)

III. Privacy as Necessary for Survival
"Privacy may simply be necessary to mental survival, just as the body needs sleep." (207)
The stress of public life must sometimes be relieved in the name of our mental health.

A worry:  Is this true? What might certain religious traditions have to say about this?

IV. A Utilitarian Approach
"A utilitarian argument can be made that invasions of privacy cause, overall, more harm than good." (207)
**************************************

A Legal Approach:  Privacy Rights in Canada

"The right to privacy is fundamental to any democratic society. ... Protecting our privacy helps protect our independence, our ability to control our own lives, and our freedom to make our own decisions." (George Radwanski, Privacy Commissioner of Canada, "Your Privacy Rights:  A Guide for Canadians")

Although the right to privacy is often viewed, as in the passage above, as a fundamental right, there is no explicit right to privacy in the Canadian Charter of Rights and Freedoms.  (The same is true of the U.S., by the way.)  Still, the Supreme Court has interpreted sections 7 & 8 of the Charter as implying the existence of such a right:
"7. Everyone has the right to life, liberty and security of the person and the right not to be deprived thereof except in accordance with the principles of fundamental justice.

8. Everyone has the right to be secure against unreasonable search or seizure."

Notice though that these provisions, taken at face value, provide only a quite restricted right to privacy.  For one thing, the right is not absolute (like every right under the Charter).  For another, the right outlined here makes no mention of such things as the right to keep information about one's personal affairs private (except to say that the legal authorities may not unreasonably seize that information).  What about, for example, the collection of personal data by corporations or government departments?

These matters are taken up by two federal laws:

1. The Privacy Act
2. The Personal Information Protection and Electronic Documents Act

The Privacy Act

- took effect on July 1, 1983.

- imposes obligations on federal government departments and agencies to place limits on the collection, use and disclosure of personal information.

- gives Canadians the right to access and correct personal information about them held by these bodies.

The Personal Information Protection and Electronic Documents Act

- took effect on January 1, 2001.

- its provisions are being phased in gradually

- as of January 1, 2001, the Act applies to personal information about customers or employees that is collected, used or disclosed by the federally regulated sector (e.g., banks, telephone companies, air carriers) in the course of commercial activities.

- as of January 1, 2002, the Act will apply to personal health information collected, used or disclosed by these organizations.

- as of January 1, 2004, the Act will cover any commercial activity within a province (unless provincial legislation with similar effect is in place, in which case the provincial legislation will apply).

- the Act does not apply to:

  - provincial or territorial governments (or their agents). At present, Newfoundland has no provincial privacy legislation in place, although such legislation is recommended by the recent government report Striking the Balance.

  - information being collected for artistic or journalistic purposes

  - information being collected by an individual for genealogical purposes

- with some limitations, the Act entitles you to:

  - not have personal information about you collected without your consent (and to not have that information used for any purpose other than the one you have consented to)

    A Difficult Question:  What counts as consent?  Is it enough to provide a privacy policy and a box to tick off indicating that you've read it?  Do we need something like the medical model of informed consent (on this approach, ticking off a box definitely isn't enough)?

  - have products and services provided to you even if you refuse to provide personal information

  - know why an organization is seeking to collect personal information about you

  - obtain access to information organizations have about you and request corrections to it

- what counts as 'personal information'?

  - name, age, weight, height
  - medical records
  - income
  - DNA, blood type, fingerprints
  - marital status
  - education
  - home address...
**************************************

Encryption

While technology threatens privacy, it might also provide a means of promoting it.

Key Encryption techniques, for example, might allow communication to take place with a greater degree of privacy than previously possible.

(Very) roughly, Key Encryption techniques involve using a key (a very large prime number) to encode and decode a message.  The larger the key, the greater the degree of privacy.

For more details, see "A PKI Primer".

"All other things being equal, cryptographic strength is defined by the length of the cryptographic key (or "bit-length"), which establishes the number of possible permutations. With each bit added to the length of the key, the strength is doubled. In July 1997, it took 78,000 volunteered computers on the Internet 96 days to crack a message encrypted with ... a single 56-bit key. It is estimated that it would take the same computer resources 67 years to crack a secret key algorithm using a 64-bit key and well over 13 billion times the age of the universe to crack a 128-bit key."  (A Cryptography Policy Framework for Electronic Commerce: Building Canada's Information Economy and Society)

Currently, web banking sites work with 128-bit keys.

Keep in mind, however, that such claims are relative to the power of the computers we have to work with.

Two Kinds of Key Encryption

Secret Key Encryption:  In SKE, the same key is used to encrypt and decrypt the message.

Problem:  In order to use this technique, both the sender and receiver of the message must have access to the key.  For some possible uses of encryption (e.g., on-line banking), this may not be feasible.  How is the key to be transmitted?  Will we have to encrypt that message as well?

Public Key Encryption solves this problem.

Public Key Encryption:  In PKE, two keys are used.  A public key (which, as the name suggests, is made publicly available) is used to encrypt the message.  However, in order for the message to be decrypted, a private key is used.  The private key, naturally, is known only to the message's recipient.
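An added illustration, not part of these notes, of the two points above: the key-length claim quoted from the Cryptography Policy Framework (each extra bit doubles the brute-force effort, scaled from the 56-bit / 96-day data point) and the difference between secret key and public key encryption, including how the second solves the first's key-transmission problem. Everything in it is constructed for teaching: a toy stream cipher built on HMAC-SHA256, textbook RSA with the tiny primes 61 and 53, the names Alice and Bob, and the helper names (brute_force_years, secret_key_crypt, rsa_keypair, send_to_bob). None of it is secure enough for real use; it only shows the properties the notes describe.

```python
"""Illustration of key length, secret key encryption (SKE) and public key
encryption (PKE). Constructed example; the primes, the toy cipher and the
Alice/Bob exchange are assumptions, not material from the course notes.
"""
import hashlib
import hmac
import os
from math import gcd

# Data point quoted in the notes: a 56-bit key fell to 78,000 volunteer
# computers in 96 days. Every extra bit doubles the number of keys to try.
REFERENCE_BITS = 56
REFERENCE_DAYS = 96.0
DAYS_PER_YEAR = 365.25


def brute_force_years(key_bits):
    """Years the same computing power would need to try every key of key_bits."""
    extra_bits = key_bits - REFERENCE_BITS
    return REFERENCE_DAYS * (2 ** extra_bits) / DAYS_PER_YEAR


# --- Secret key encryption: one shared key both encrypts and decrypts ---
def secret_key_crypt(key, data):
    """Toy stream cipher: XOR data with a keystream derived from the key.

    XOR undoes itself, so calling this twice with the same key returns the
    original bytes. That is the SKE property, and the SKE problem: both
    parties must already hold `key`. (Constructed toy, not a vetted cipher.)
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        # Keystream block = HMAC-SHA256(key, block offset)
        block = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        chunk = data[offset:offset + 32]
        out.extend(b ^ k for b, k in zip(chunk, block))
    return bytes(out)


# --- Public key encryption: textbook RSA with deliberately tiny primes ---
def rsa_keypair(p, q, e=17):
    """Return (public_key, private_key) for primes p and q.

    The public key (n, e) can be handed to anyone; only the holder of (n, d)
    can decrypt. Real keys use primes hundreds of digits long.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse of e (Python 3.8+)
    return (n, e), (n, d)


def rsa_encrypt_bytes(public_key, data):
    """Encrypt each byte separately with the public key (teaching toy only)."""
    n, e = public_key
    if n <= 255:
        raise ValueError("modulus too small to hold a byte")
    return [pow(byte, e, n) for byte in data]


def rsa_decrypt_bytes(private_key, blocks):
    """Recover the bytes; only the matching private key makes this work."""
    n, d = private_key
    return bytes(pow(c, d, n) for c in blocks)


def send_to_bob(message):
    """How PKE solves SKE's key-transmission problem.

    Alice picks a fresh secret key, sends it wrapped under Bob's public key,
    then sends the message under that secret key. Anyone reading the wire
    sees only the wrapped key and the ciphertext; without Bob's private key
    the secret key cannot be unwrapped. Returns what Bob decrypts.
    """
    bob_public, bob_private = rsa_keypair(61, 53)  # constructed toy primes
    session_key = os.urandom(16)
    wrapped_key = rsa_encrypt_bytes(bob_public, session_key)   # on the wire
    ciphertext = secret_key_crypt(session_key, message)         # on the wire
    # Bob's side: unwrap with the private key, then decrypt with SKE.
    recovered_key = rsa_decrypt_bytes(bob_private, wrapped_key)
    return secret_key_crypt(recovered_key, ciphertext)


if __name__ == "__main__":
    print("64-bit key, same resources: about %.0f years" % brute_force_years(64))
    print(send_to_bob(b"meet at the library"))
```

Running the script reproduces the notes' figure of roughly 67 years for a 64-bit key, and the ratio for 128 bits lands far beyond the "13 billion times the age of the universe" quoted. The design point worth noticing is that modern systems use exactly the hybrid shape of send_to_bob: the slow public key operation protects only a short secret key, and the fast secret key cipher protects the actual message.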
Problems Raised by Encryption

Pretty clearly, while encryption techniques can be used for legitimate purposes, they can also be used for illegitimate ones (e.g., terrorists swapping messages using SKE).

This raises an ethical and political question as to what limits we should place on encryption techniques.

The 'Clipper Chip'

An attempt, now largely abandoned, by the U.S. to standardize encryption.

Roughly, the intent was to have manufacturers of any device that encrypted data use a standard encryption system for which the private keys would be held in trust ('in key escrow').  The keys, which would have been 80-bit, were to be split up into 40-bit halves and held by key escrow agencies.  The government would have been able to retrieve the keys by means of court orders.

Many privacy advocates worried about possible government abuse of this technology.  That is, they worried that the government would be able and tempted to use the Clipper Chip to access data even without going through the formal process of getting a court order. (See Edgar, pp. 212-213)

In the wake of Sept. 11th, there has been some talk in the U.S. and Canada about renewing attempts to put some form of key escrow into place.

What sorts of regulations should Canada place on encryption technologies?

[Philosophy 2801]